Unknown -
r484:31ba8b1e2e39
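--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -1,48 +1,51 @@
 #
 # Setup Firewall
 #
 
 # Load utility functions
 . ./functions.sh
 
 if [ "$ENABLE_IPTABLES" = true ] ; then
 # Create iptables configuration directory
 mkdir -p "${ETC_DIR}/iptables"
 
 # make sure iptables-legacy is the used alternatives
 #iptables-save and -restore are slaves of iptables and thus are set accordingly
 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
 
 # Install iptables systemd service
 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
 
 # Install flush-table script called by iptables service
 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
 
 # Install iptables rule file
 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
 
 # Reload systemd configuration and enable iptables service
 chroot_exec systemctl daemon-reload
 chroot_exec systemctl enable iptables.service
 
 if [ "$ENABLE_IPV6" = true ] ; then
+# make sure ip6tables-legacy is the used alternatives
+chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
+
 # Install ip6tables systemd service
 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
 
 # Install ip6tables file
 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
 
 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
 
 # Reload systemd configuration and enable iptables service
 chroot_exec systemctl daemon-reload
 chroot_exec systemctl enable ip6tables.service
 fi
 
 if [ "$ENABLE_SSHD" = false ] ; then
 # Remove SSHD related iptables rules
 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
 fi
 fi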
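Review bot: The added ip6tables alternatives switch (new lines 30-31) carries a shorter comment than its iptables counterpart on line 13, which also records that the -save/-restore tools are slave alternatives and follow the master; the same holds for ip6tables-save/ip6tables-restore, so the new call deserves the matching note, e.g. `# ip6tables-save and -restore are slaves of ip6tables and thus are set accordingly`. Note also that `update-alternatives --set` returns non-zero when `/usr/sbin/ip6tables-legacy` is not a registered alternative inside the chroot, so a build that aborts on error (not visible here) will stop on this line rather than fall through to the nft-backed binary; if that is the intended contract it is worth one comment, otherwise checking `update-alternatives --list ip6tables` before the call would make the failure mode deliberate. Both enclosing `if` blocks lie entirely within the hunk.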